This causes a bunch of out-of-bounds accesses if you have really small buffer
sizes (i.e. 16 bytes will crash).
Signed-off-by: Steven Noonan <steven@uplinklabs.net>
Signed-off-by: Jens Axboe <axboe@fb.com>
{
struct udp_seq *us;
+ if (io_u->xfer_buflen < sizeof(*us))
+ return;
+
us = io_u->xfer_buf + io_u->xfer_buflen - sizeof(*us);
us->magic = cpu_to_le64((uint64_t) FIO_UDP_SEQ_MAGIC);
us->bs = cpu_to_le64((uint64_t) io_u->xfer_buflen);
struct udp_seq *us;
uint64_t seq;
+ if (io_u->xfer_buflen < sizeof(*us))
+ return;
+
if (nd->seq_off)
return;